lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080518144340.GH8140@cs181133002.pp.htv.fi>
Date:	Sun, 18 May 2008 17:43:40 +0300
From:	Adrian Bunk <bunk@...nel.org>
To:	Theodore Tso <tytso@....edu>, Gilles Espinasse <g.esp@...e.fr>,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/net: remove network drivers' last few uses
	ofIRQF_SAMPLE_RANDOM

On Sun, May 18, 2008 at 08:24:10AM -0400, Theodore Tso wrote:
> On Sun, May 18, 2008 at 03:02:36PM +0300, Adrian Bunk wrote:
> > > Yes that's the whole point.
> > > Why remove IRQF_SAMPLE_RANDOM if "it cannot make the RNG output worse."
> > > We should not care if network traffic can be sniffed in some configurations
> > > (plus sniffing could be very unlikely in some others).
> > >...
> > > Are network drivers better without SAMPLE_RANDOM?
> > > My understanding of openssl developper answer is same as yours :
> > > "it cannot make the RNG output worse."
> > 
> > The "it cannot make the RNG output worse." only applies to the OpenSSL 
> > case (one could argue whether it makes sense, but it can't do harm).
> 
> Actually, it applies here too.  Or it can be made to apply here.  If
> people are concerned that for certain cards the entropy could
> potentially be guessed by someone on the local network (although I
> suspect it's still useful for protecting against someone who doesn't
> have local network access), we could still sample the entropy, and
> just not increment the entropy credit for /dev/random's sake.

The latter is exactly the difference between the two cases.

But Gilles was implying using IRQF_SAMPLE_RANDOM for gathering entropy 
was as harmless as OpenSSL mixing uninitialized memory into their RNG.

> It will
> still put something into the entropy pool which is also used by
> /dev/urandom.
> 
> > The replacement solution ready on all Linux machines today is for 
> > userspace to use /dev/urandom instead of /dev/random if feasible.
> 
> Sampling interrupt entropy will definitely not hurt /dev/urandon, and
> may help, especially in the freshly installed server case.  Especially
> if it's using kickstart-style install, where there is no keyboard
> entropy, sampling the interrupts as it pulls RPM's from the network
> and/or the CD-ROM drive may be all that we have.

No disagreement on this.

>               	   	  	       	   	   - Ted

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ